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WHAT IS CLAIMED IS: 

1 . A method for providing network services using at least one processor 
interfacing a base network, said method comprising the steps of: 

receiving, at the at least one processor, information identifying a user 
authorized to administer a first processor separate from the at least one processor; 

receiving, at the at least one processor, a base address that is routable in the 
base network; 

providing, at the at least one processor and through the base network, code 
and information for configuring the first processor to interface the base network at the 
received base address; 

executing, at the first processor, the provided code to configure the first 
processor based on the provided information such that the first processor interfaces 
the base network; and 

providing, by the at least one processor and through the base network to the 
first processor, information enabling at least one tunnel through the base network to 
a second processor separate from the at least one processor, when the first and 
second processors each provide to the at least one processor a consent for enabling 
the at least one tunnel. 
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2. The method of claim 1 , further comprising the step of: 
providing, by the at least one processor and through the base network to a 

firewall interfacing the base network, information for use by the firewall to selectively 
restrict from the first processor information flowing through the base network and 
destined to the first processor. 

3. The method of claim 1 , further comprising the steps of: 

upgrading, from the at least one processor and through the base network, the 
provided code and information in the first processor. 

4. The method of claim 1 , further comprising the step of: 

disabling, at the at least one processor, the at least one enabled tunnel when 
at least one of the first and second processors withdraws the consent to enabling the 
at least one enabled tunnel. 

5. The method of claim 1 , further comprising the step of: 
determining, at the at least one processor, a quality of service provided by a 

network service provider providing the first processor with access to the base 
network. 
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6. The method of claim 1 , further comprising the step of: 
determining, at the least one processor, quality of services provided by two or 

more network service providers providing the first processor and the second 
processor with access to the base network. 

7. The method of claim 6, further comprising the step of: 

providing a comparison of the determined quality of services across the two or 
more network service providers. 

8. The method of claim 1 , further comprising the step of: 
notifying, by the at least one processor, the identified user when the first 

processor is unable to establish the at least one enabled tunnel to the second 
processor through the base network. 

9. The method of claim 8, wherein the step of notifying the identified user 
comprises the step of: 

sending an email to an email address specified by the identified user. 

10. The method of claim 8, wherein the step of notifying the identified user 
comprises the step of: 

calling a telephone number specified by the identified user. 
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1 1 . The method of claim 1 , further comprising the step of: 
establishing the at least one enabled tunnel from the first processor to the 

second processor through the base network. 

12. The method of claim 1 1 , further comprising the step of: 
determining, at the at least one processor, a quality of service for the at least 

one established tunnel. 

13. The method of claim 1 1 , further comprising the step of: 
terminating the at least one established tunnel between the first and second 

processors when at least one of the first and second processors withdraws the 
consent to enabling the at least one established tunnel. 

14. The method of claim 1 1 , further comprising the steps of: 
receiving, at the at least one processor and through the base network, 

information indicating a number of packets flowing through the at least one 
established tunnel; and 

reporting to the identified user the indicated number of packets flowing through 
the at least one established tunnel. 
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1 5. The method of claim 1 1 , further comprising the steps of: 
receiving, at the at least one processor and through the base network, 

information indicating a latency of at least one packet flowing through the at least one 
established tunnel; and 

reporting to the identified user the indicated latency. 

16. The method of claim 1 1 , further comprising the steps of: 
receiving, at the at least one processor and through the base network, 

information indicating a throughput of the at least one established tunnel; and 
reporting to the identified user the indicated throughput. 

17. The method of claim 1 1 , further comprising the steps of: 
receiving, at the at least one processor and through the base network, 

information indicating a status of the at least one established tunnel; and 
reporting to the identified user the indicated status. 

1 8. The method of claim 1 1 , further comprising the steps of: 
receiving, at the at least one processor, information indicating a number of 

packets lost when flowing through the at least one established tunnel; and 
reporting to the identified user the indicated number of packets lost. 
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19. The method of claim 1 , further comprising the step of: 

providing, by the at least one processor and through the base network, at least 
one key to the first processor for decrypting information flowing from the second 
processor to the first processor when the at least one enabled tunnel is established 
between the first processor and the second processor. 

20. The method of claim 1 , further comprising the step of: 
notifying, by the at least one processor, the identified user when an 

unauthorized attempt to access the first processor is detected. 

21 . The method of claim 1 , further comprising the step of: 
notifying, by the at least one processor, the identified user when an 

unauthorized access to the first processor is detected. 

22. The method of claim 1 , further comprising the steps of: 
determining, at the at least one processor, a total number of processors that 

are separate from the at least one processor and that are administered by the 
identified user through the at least one processor; and 

billing the identified user based on the determined total number of processors. 
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23. The method of claim 1 , further comprising the steps of: 
determining, at the at least one processor, a number of processors that are 

separate from the at least one processor and that are administered by the identified 
user through the at least one processor and that are configured as at least one 
gateway; 

billing the identified user based on the determined number of processors. 

24. The method of claim 1 , further comprising the steps of: 
determining, at the at least one processor, a number of processors that are 

separate from the at least one processor and that are administered by the identified 
user through the at least one processor and that are configured as a client processor; 
billing the identified user based on the determined number of processors. 

25. The method of claim 1 , further comprising the steps of: 
determining, at the least one processor, a total number of processors that are 

separate from the at least one processor and that are administered by the identified 
user through the at least one processor; 

determining a bandwidth allocated in the base network to the first processor; 

and 

billing the identified user based on the determined bandwidth. 
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26. The method of claim 1 , wherein the step of providing the code and the 
information for configuring the first processor comprises the step of: 

providing, by the at least one processor to the first processor, a virtual address 
that identifies the first processor in at least one virtual network enabled over the base 
network by the at least one processor, the virtual address being routable in the at 
least one virtual network. 

27. The method of claim 26, further comprising the step of: 
monitoring, at the at least one processor, quality of service of the at least one 

virtual network. 

28. The method of claim 26, further comprising the steps of: 
establishing the at least one enabled tunnel from the first processor to the 

second processor through the base network; and 

routing the at least one packet through the at least one established tunnel 
between the first processor and the second processor based on the virtual address 
that identifies the first processor in the at least one virtual network. 

29. The method of claim 28, further comprising the step of: 
prioritizing the routing of the at least one packet through the at least one 

established tunnel between the first processor and the second processor. 
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30. The method of claim 1 , further comprising the step of: 
monitoring, at the at least one processor, quality of service of at least one 

virtual network enabled over the base network by the at least one processor, based 
on at least one packet flowing through the at least one virtual network, the at least 
one packet including a virtual address from a range of virtual addresses that are 
routable through the at least one virtual network. 

31 . The method of claim 1 , further comprising the step of: 
monitoring, at the at least one processor, quality of service of at least one 

virtual network enabled over the base network by the at least one processor and 
administered by the identified user through the at least one processor, based on at 
least one packet flowing through the at least one virtual network. 

32. The method of claim 1 , further comprising the step of: 
monitoring, at the at least one processor, quality of service of at least one 

virtual network enabled over the base network by the at least one processor, based 
on at least one packet that flows through the at least one virtual network, the at least 
one packet being associated with at least one application. 
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33. A method for providing network services over a base network, said 
method comprising the steps of: 

providing at least one site in the base network; 
receiving, at the at least one site, information about a user; 
providing to the user code and other information for self-configuring a 
first processor; 

executing the code on the first processor to self-configure the first 
processor based on the provided other information; and 

establishing communication over the base network between the at least 
one site and the self-configured first processor to provide the self-configured first 
processor virtual address information enabling at least one tunnel through the base 
network between the self-configured first processor and at least one other self- 
configured second processor, when the at least one site determines that the self- 
configured first and second processors mutually consent to enabling the at least one 
tunnel. 

34. The method of claim 33, further comprising the step of: 
establishing at least one virtual network over the base network based 

on the at least one enabled tunnel. 
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35. The method of claim 34, further comprising the step of: 

the at least one site administering the at least one virtual network on 
behalf of the user. 
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36. The method of claim 35, further comprising the step of: 

the at least one site providing to the user a graphical interface through 
which the user administers the at least one virtual network. 

37. The method of claim 35, further comprising the step of: 

the at least one site providing to the user quality of service (QoS) 
information about the at least one virtual network. 



38. The method of claim 34, further comprising the steps of: 

the at least one site monitoring the at least one virtual network; and 
the at least one site providing to the user monitoring information about 
the at least one virtual network. 



LAW OFFICES 

F[ni4:=gan ? Henderson, 
f^rabow, garrett; 
dunner, l.l.p. 

■ I STREET, N. W. 
■i I NGTONj DC 20005 
2O2-4O8-4000 



39. The method of claim 38, further comprising the step of: 

the at least one site notifying the user when the at least one site detects 
in the at least one virtual network an event that exceeds a predetermined threshold. 

40. The method of claim 34, further comprising the step of: 

the at least one site automating on behalf of the user administration of 
the at least one virtual network. 
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41 . The method of claim 34, further comprising the step of: 

billing the user based on a number of the self-configured first processor 
and other processors that the user self-configures and administers through the at 
least one site. 
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42. The method of claim 34, further comprising the step of: 

billing the user based on a number of the self-configured first processor 
and at least one client processor that the user configures and administers through 
the at least one site. 

43. The method of claim 34, further comprising the step of: 

billing the user based on bandwidth allocated in the base network for 
the self-configured first processor and other processors that the user self-configures 
and administers through the at least one site. 

44. The method of claim 34, further comprising the step of: 

the at least one site dynamically modifying configuration of the self- 
configured first processor through the base network. 

45. The method of claim 34, further comprising the step of: 

the at least one site communicating with the self-configured first and 
second processors through other tunnels established through the base network to 
facilitate administration of the at least one virtual network on behalf of the user. 
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46. The method of claim 33, further comprising the step of: 

the at least one site providing to the user quality of service (QoS) 
information about at least one network service provider that provides access to the 
base network. 
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47. The method of claim 33, further comprising the step of: 

the at least one site providing to the user a comparison of quality of 
service (QoS) information about different network service providers providing access 
to the base network. 

48. The method of claim 33, further comprising the step of: 

the at least one site upgrading the code executed in the self-configured 
first processor through the base network. 

49. The method of claim 33, further comprising the step of: 

the at least one site configuring for the self-configured first processor a 
firewall based on additional information provided by the user to the at least one site. 
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50. The method of claim 33, further comprising the steps of: 

the at least one site requesting from the user additional information 
about a local area network that is administered by the user and that interfaces the 
base network; 

the at least one site receiving the additional information from the user; 

and 

the at least one site determining the other information for self- 
configuring the first processor based on the additional information. 

51 . The method of claim 33, wherein the step of establishing 
communication comprises the steps of: 

the self-configured first processor automatically initiating the 
communication with the at least one site based on the other information provided by 
the at least one site for self-configuring the first processor; and 

the at least one site providing to the self-configured processor 
additional information enabling the self-configured first process to establish a secure 
tunnel to the at least one site. 

52. The method of claim 51 , further comprising the step of: 

the at least one site administering the self-configured first processor 
through the secure tunnel established through the base network between the self- 
configured first processor and the at least one site. 
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